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Amendments to the Claims . 

This listing of claims will replace all prior versions, and listings, of claims in the 



Listing of Claims : 

1.-25. (Canceled). 

26. (Currently amended) A network relaying method for a communication 
network system in which a plurality of network devices are coupled via a communication 
path, each network device including a network relaying device which is coupled via a 
plurality of I/O ports to a corresponding plurality of terminals, the method comprising the 
steps of: 

receiving a packet at a first I/O port from a source terminal coupled to the first I/O 
port, the packet including a header containing a packet transmission source address; 

determining whether a first combination o f information contained in the received 
packe t the first I /O port and th e pack e t transmiss i on s ou rce ad d re s s coincides 
sufficiently with a second combination o f -a n I /O port and a tr a nsm i ss i on source addr e s s 
that have information that has been registered in advance with a correspondenc e 
thorobotween: . wherein said first combination of information includes the first I/O port 
and the packet transmission source address of the received packet and said second 
combination of information includes an I/O port and a transmission source address that 
have been registered in advance with a correspondence therebetween, and, in 
response to w hen-the determining step resu l t s resulting in a determination that the first 
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combination of information of the first I /O port and th e pack et transm i ss i on sourc e 
addr e ss coincides sufficiently with- a the second combination of information of an I/O 
port and transm i ss i on sourc e addr e ss th a t h a v e boon rog i storod in advanco with a 



second I/O por t, wherein said first combination of information coincides sufficiently with 
said second combination of information for said relay portion to transfer the received 
packet from the second I/O port when said first I/O port and said packet transmission 
source address coincide with said I/O port and transmission source address that have 



when - in response to t he determining step r e su l t s resulting in a determination 
that th e first combination of information of th o f i rst I /O port and th e pack e t transmiss i on 
source addr e ss does no t hav e a coinc i d e nc e coincide sufficiently with- a the second 
combination of information- of an I/O port and tr a nsm i ss i on source a ddress that hav e 
boon r e gist e red i n advanc e w i th a corr e spond e nc e therebotwoon : 

limiting transfer of the received packet and transmitting a request for user 
authentication of a user to the source terminal of said received packet; 

receiving user authentication information sent from the source terminal in 
response to the request for user authentication; 

executing user authentication of the user based on the user authentication 
information thus received and based on the packet transmission source address; 

when the user is authenticated by the user authentication executed in the 
executing step, registering the first I/O port with a correspondence to the packet 
transmission source address; 




, transferring the packet received at the first I/O port via a 



been registered in advance with a correspondence therebetween ; 
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transferring the packet received at the first I/O port via the second I/O port; and 
when the user is not authenticated by the user authentication executed in the 
executing step, not transferring the packet received at the first I/O port. 

27. (Previously presented) A network relaying method according to Claim 26, 
wherein the user authentication information includes a user name and a password. 

28. (Previously presented) A network relaying method according to Claim 26, 
wherein the transmission source address includes an IP address and a MAC address. 

29. (Currently amended) A network relaying apparatus, comprising: 

a plurality of I/O ports adapted to be coupled to a plurality of terminals, 
respectively; 

a communication portion for transmitting and receiving data via the plurality of I/O 

ports; 

a relay portion which determines a transmitting I/O port of the plurality of I/O 
ports, from which a packet received via the communication portion from a receiving I/O 
port of the plurality of I/O ports is output via the communication portion; and which 
determines whether a first combination o f information contained in the received packet 
th e r e c e iv i ng I/O port and a packet transmission oourco address contain e d i n the pack e t 
coincides sufficiently with a second combination o f an I /O port and a transmiss i on 
s ourc e addr es s that h a v e information that has been registered in advance w i th a 
p^rrnp . pnndonco thorobotwoon . wherein said first combination of information includes 
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the receiving I/O port and a packet transmission source address of the received packet 
and said second combination of information includes an I/O port and a transmission 
source address that have been registered in advance with a correspondence 
therebetween, wherein said relay portion transfers the received packet from the 
transmitting I/O port^whe n in response to the relay portion determin e s determining that 
the first combination of information of tho roooiv i ng I /O port and th e pack e t transm i ss i on 
s o urc e ad d re ss coincides sufficiently with-a the second combination of informatiorv e^aft 
I /O port and transm i ss i on sourc e addr e ss th a t h a v e boon reg i stered in advanoo with a 
Gorrospondonoo thorobotwoon . wherein said first combination of information coincides 
sufficiently with said second combination of information for said relay portion to transfer 
the received packet from the transmitting I/O port when said receiving I/O port and said 
packet transmission source address coincide with said I/O port and transmission source 
address that have been registered in advance with a correspondence therebetween. 
and wherein said relay portion requests user authentication of a user from a source 
terminal of said received packet-when in response to the relay portion det e rmin e s 
determining that the first combination of information of th e r e ce i v i ng I /O port and th e 
paokot transmission sourc e addr ess does no t hav e a coincid e nc e coincide sufficiently 
with- a the second combination of information of an I /O port and a transm i ss i on sourc e 
addr e ss that havo boon reg i st e r e d i n advanc e with a correspondence th e r e betwe e n ; 

an authentication portion which registers the receiving I/O port with a 
correspondence to the packet transmission source address when completing user 
authentication based on user authentication information sent from the source terminal in 
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response to the request for user authentication and based on the packet transmission 
source address .-af»4 

wherein w hen the authentication portion does not authenticate the user, the relay 
portion does not transfer the received packet. 

30. (Previously presented) A network relaying apparatus according to Claim 29, 
wherein the user authentication information includes a user name and a password. 

31 . (Previously presented) A network relaying apparatus according to Claim 29, 
wherein the transmission source address includes an IP address and a MAC address. 

32. (Currently amended)-The_A network relaying method accord i ng to claim 26, 
for a communication network system in which a plurality of network devices are coupled 
via a communication path, each network device including a network relaying device 
which is coupled via a plurality of I/O ports to a corresponding plurality of terminals, the 
method comprising the steps of: 

receiving a packet at a first I/O port from a source terminal coupled to the first I/O 

port, the packet including a header containing a packet transmission source address; 

determining whether a combination of the first I/O port and the packet 

transmission source address coincides with a combination of an I/O port and a 
transmission source address that have been registered in advance with a 
correspondence therebetween; 
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when the determining step results in a determination that the combination of the 

first I/O port and the packet transmission source address coincides with a combination 
of an I/O port and transmission source address that have been registered in advance 
with a correspondence therebetween, transferring the packet received at the first I/O 
port via a second I/O port: 

when the determining step results in a determination that the combination of the 

first I/O port and the packet transmission source address do not have a coincidence 
with a combination of an I/O port and transmission source address that have been 
registered in advance with a correspondence therebetween: 

limiting transfer of the received packet and transmitting a request for user 

authentication of a user to the source terminal of said received packet: 

receiving user authentication information sent from the source terminal in 

response to the reguest for user authentication: 

executing user authentication of the user based on the user authentication 

information thus received and based on the packet transmission source address: 

when the user is authenticated by the user authentication executed in the 

executing step, registering the first I/O port with a correspondence to the packet 
transmission source address: 

transferring the packet received at the first I/O port via the second I/O port: and 

when the user is not authenticated by the user authentication executed in the 

executing step, not transferring the packet received at the first I/O port: 

wherein the source terminal coupled to the first I/O port belongs to a VLAN; and 
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wherein when a user is not authenticated by the user authentication executed in 
the executing step, a warning message is sent to all terminals belonging to the same 
VLAN as the source terminal of the packet received at the first I/O port. 

33. (Previously presented) The network relaying method according to claim 26, 
further comprising the step of performing user authentication periodically for each of 
said plurality of terminals having an address registered in advance with a 
correspondence to an I/O port. 

34. (Previously presented) The network relaying method according to claim 26, 
wherein the received packet includes a destination address, and the method further 
comprises the steps of: 

determining whether the destination address is registered in advance as a source 
address in combination with an I/O port; 

if the determining step determines that the destination address of the received 
packet is not registered in advance as a source address in combination with an I/O port, 
user authentication is made as to a destination terminal having the destination address, 
by transmitting a request for user authentication to the destination terminal of the 
received packet; receiving user authentication information sent from the destination 
terminal in response to the request for user authentication based on the user 
authentication information thus received from the destination terminal; when the user is 
authenticated by the user authentication based on the user authentication information 
received from the destination terminal, registering the first I/O port with a 
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correspondence to the destination address; and when the user is not authenticated by 
the user authentication based on the user authentication information received from the 
destination terminal, not registering the first I/O port with a correspondence to the 
destination address. 

35. (Currently amended)-The A network relaying apparatu s accord i ng to cla i m 
29. comprising: 

a plurality of I/O ports adapted to be coupled to a plurality of terminals, 

respectively: 

a communication portion for transmitting and receiving data via the plurality of I/O 

ports; 

a relay portion which determines a transmitting I/O port of the plurality of I/O 
ports, from which a packet received via the communication portion from a receiving I/O 
port of the plurality of I/O ports is output via the communication portion: and which 
determines whether a combination of the receiving I/O port and a packet transmission 
source address contained in the packet coincides with a combination of an I/O port and 
a transmission source address that have been registered in advance with a 
correspondence therebetween, wherein said relay portion transfers the received packet 
from the transmitting I/O port when the relay portion determines that the combination of 
the receiving I/O port and the packet transmission source address coincides with a 
combination of an I/O port and transmission source address that have been registered 
in advance with a correspondence therebetween, and wherein said relay portion 
requests user authentication of a user from a source terminal of said received packet 
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when the relay portion determines that the combination of the receiving I/O port and the 
packet transmission source address do not have a coincidence with a combination of an 
I/O port and a transmission source address that have been registered in advance with a 
correspondence therebetween: 

an authentication portion which registers the receiving I/O port with a 
correspondence to the packet transmission source address when completing user 
authentication based on user authentication information sent from the source terminal in 
response to the request for user authentication, 

wherein when the authentication portion does not authenticate the user, the relay 
portion does not transfer the received packet, 

wherein the source terminal of the received packet belongs to a VLAN; and 

wherein when a user is not authenticated by the user authentication, a warning 
message is sent to all terminals belonging to the same VLAN as the source terminal of 
the received packet. 

36. (Previously presented) The network relaying apparatus according to claim 
29, wherein user authentication is performed periodically for each terminal having an 
address registered in advance with a correspondence to an I/O port. 

37. (Previously presented) The network relaying method according to claim 29, 
wherein the received packet includes a destination address, 

wherein the relay portion determines whether the destination address is 
registered in advance as a source address in combination with an I/O port, 
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wherein if the relay portion determines that the destination address of the 
received packet is not registered in advance as a source address in combination with an 
I/O port, the relay portion initiates user authentication as to a destination terminal having 
the destination address by transmitting a request for user authentication to the 
destination terminal of the received packet and receiving user authentication information 
sent from the destination terminal in response to the request for user authentication 
based on the user authentication information thus received from the destination 
terminal, 

wherein when the user is authenticated by the user authentication based on the 
user authentication information received from the destination terminal, the 
authentication portion registers the receiving I/O port with a correspondence to the 
destination address, and 

wherein when the user is not authenticated by the user authentication based on 
the user authentication information received from the destination terminal, the 
authentication portion does not register the receiving I/O port with a correspondence to 
the destination address. 
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